teleport@16 16.5.0

[bayandin]

Created with brew bump-formula-pr.

Details

release notes

## Description
Automatic Updates
16.5 introduces a new automatic update mechanism for system administrators to control which Teleport version their

agents are running. You can now configure the agent update schedule and desired agent version via the autoupdate_config

and autoupdate_version resources.
Updates are performed by the new teleport-update binary.

This new system is package manager-agnostic and opt-in. Existing agents won't be automatically enrolled, you can enroll

existing 17.3+ agents by running teleport-update enable.
teleport-update will become the new standard way of installing Teleport as it always picks the appropriate Teleport

edition (Community vs Enterprise), the cluster's desired version, and the correct Teleport variant (e.g. FIPS-compliant

cryptography).
You can find more information about the feature in our documentation.
Package layout changes
Starting with 16.5.0, the Teleport DEB and RPM packages, notably used by the apt, yum, dnf and zypper package

managers, will place the Teleport binaries in /opt/teleport instead of /usr/local/bin.
The binaries will be symlinked to their previous location, no change should be required in your scripts or systemd units.
This change allows us to do automatic updates without conflicting with the package manager.
Readiness endpoint changes
The Auth Service readiness now reflects the connectivity from the instance to

the backend storage, and the Proxy Service readiness reflects the connectivity

to the Auth Service API. In case of Auth or backend storage failure, the

instances will now turn unready. This change ensures that control plane

components can be excluded from their relevant load-balancing pools. If you want

to preserve the old behaviour (the Auth Service or Proxy Service instance stays

ready and runs in degraded mode) in the teleport-cluster Helm chart, you can

now tune the readiness setting to have the pods become unready after a high

number of failed probes.
Other improvements and fixes

Fix a bug causing the discovery service to fail to configure teleport on discovered nodes when managed updates v2 are enabled. #53544
Enable support for joining Kubernetes sessions in the web UI. #53456
Fix an issue tsh proxy db does not honour --db-roles when renewing certificates. #53446
Added static_jwks field to the GitLab join method configuration to support cases where Teleport Auth Service cannot reach the GitLab instance. #53412
The teleport-cluster Helm chart now supports tuning the pod readiness. #53353
Fix panic when trimming audit log entries. #53307
Improve resource consumption when retrieving resources via the Web UI or tsh ls. #53303
Fixed rare high CPU usage bug in reverse tunnel agents. #53282
Add support for SendEnv OpenSSH option in tsh. #53217
Add support for using DynamoDB Streams FIPS endpoints. #53202
Workload ID: support for attesting Systemd services. #53109
Machine ID: Added warning when generated certificates will not last as long as expected. #53103
Improve latency and reduce resource consumption of generating Kubernetes certificates via tctl auth sign and tsh kube login. #52147

Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
Plugins
Download the current release of Teleport plugins from the links below.

Slack Linux amd64 | Linux arm64
Mattermost Linux amd64 | Linux arm64
Discord Linux amd64 | Linux arm64
Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
Event Handler Linux amd64 | Linux arm64 | macOS amd64
PagerDuty Linux amd64 | Linux arm64
Jira Linux amd64 | Linux arm64
Email Linux amd64 | Linux arm64
Microsoft Teams Linux amd64 | Linux arm64